Apache .htaccess
The Apache Webserver file .htaccess is a powerful tool for managing the access and navigation to your webserver.
Unfortunately, the working is not very intuitive and not very simple.
There are may websites that tell they do understand/know htaccess, but little ir true. I do not pretend to know/understand htaccess, but I have some useful tips tricks. Please review them carefully and let me know what you think.
This website uses several references, such as Queness.com useful htaccess tricks and tips [1], the Apache Docs on htaccess [2].
Examples
Prevent PHP-Directory Access
The usage of a special PHP-include directory is a common implementation paradigm.
But you don't want anyone to have access to that directory except the program/application.
This snippet prevents the access to the directory file with extension php.
<syntaxhighlight lang="bash" line>
- Enable Mod Rewrite, this is only required once in each .htaccess file
RewriteEngine On RewriteBase /
- Test for access to the include directory
RewriteCond %{THE_REQUEST} ^[A-Z]{3,9}\ /phpinclude/.*$ [NC]
- Test that file requested has php extension
RewriteCond %{REQUEST_FILENAME} ^.+\.php$
- Forbid Access
RewriteRule .* - [F,NS,L] </syntaxhighlight>
- Line 01-03: Needs to be set once and enables the RewriteCond and RewriteRule.
- Line 05-06: Tests case insensitive ([NC]=No Case) if the directory is ../phpinclude at the end ($).
- Line 08-09: Tests if the file name has the extension .php at the end ($).
- Line 11-12: Forbids access to the found file.
- F: Returns a 403 FORBIDDEN response to the client browser.
- NS: Causes a rule to be skipped if the current request is an internal sub-request.
- L: Stop the rewriting process immediately and don't apply any more rules.
Source: https://httpd.apache.org/docs/current/mod/mod_rewrite.html [2]
See also
- htaccess tester, Website with tester for the htaccess rules. Does not test server constant like THE_REQUEST etc.
- htaccess syntax check, Syntax checker for your htaccess scripts.
Reference
- ↑ Queness htaccess, Queness.com htaccess post Tips and Tricks.
- ↑ 2.0 2.1 Apache Docs, Description mod_rewrite module: Rewrite(s) condition and rules.